
7377 matches found

CVE
added 2012/11/21 11:0 a.m. | 87 views

CVE-2012-5837

CVE-2012-5837 (Developer Toolbar chrome privileges XSS) is addressed in openSUSE’s Firefox ESR update, fixed in firefox-esr-128.5.1-1.1 on GA media (openSUSE-Tumbleweed). Connected advisories (OPENSUSE-SU-2024:14572-1; OSV:OPENSUSE-SU-2024:14572-1) confirm that the Firefox ESR update resolves mul...

6.8 CVSS | 7.5 AI score | 0.01431 EPSS
Exploits 0 | References 16 | Affected Software 1
UbuntuCve
added 2012/11/21 12:0 a.m. | 22 views

CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting XSS attacks via a crafted string...

6.8 CVSS | 7.2 AI score | 0.01431 EPSS
Exploits 0 | References 3
Mozilla
added 2012/11/20 12:0 a.m. | 53 views

Script entered into Developer Toolbar runs with chrome privileges — Mozilla

Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting XSS if a user can be convinced to paste malicious code into the Developer Toolbar...

6.8 CVSS | 8.2 AI score | 0.01431 EPSS
Exploits 0 | References 2 | Affected Software 1
0day.today
added 2012/11/08 12:0 a.m. | 29 views

WordPress Cardoza Ajax Search 1.1 SQL Injection Vulnerability

WordPress Cardoza Ajax Search plugin version 1.1 suffers from a remote SQL injection vulnerability. Exploit Title : SQl INJECTION AJAX Post Search --- wordpress plugin--- Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/12/12 version: 1.1 software link:...

8.1 AI score
Exploits 0
securityvulns
added 2012/11/06 12:0 a.m. | 47 views

XSS in answer my question plugin

Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...

6.1 AI score
Exploits 0
NVD
added 2012/11/04 10:55 p.m. | 11 views

CVE-2012-5820

The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8 CVSS | 6.5 AI score | 0.00051 EPSS
Exploits 1 | References 2
CVE
added 2012/11/04 10:0 p.m. | 46 views

CVE-2012-5820

The CVE concerns the Google AdMob developer-account sample code failing to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate. This allows MITM attackers to spoof SSL servers using an arbitrary valid certificate. Affected: Google AdMob sample code; root cause: ...

5.8 CVSS | 6.8 AI score | 0.00051 EPSS
Exploits 1 | References 2 | Affected Software 1
0day.today
added 2012/10/30 12:0 a.m. | 41 views

Keshav Infotech - SQL Injection / Cross-Site Scripting Vulnerabilities

Customised PHP Applications Development | Wordpress application development | iphone applications | offer PHP Programmer and PHP Developer at a affordable cost | Web Design india | Wordpress dedicated Wordpress experts for your Wordpress Development – KeshavInfotech | PHP Web Designers India |...

7.1 AI score
Exploits 0
Japan Vulnerability Notes
added 2012/10/26 5:0 a.m. | 1 views

Tokyo BBS vulnerable to cross-site scripting

Overview Tokyo BBS contains a cross-site scripting vulnerability. Tokyo BBS provided by Come on Girls Interface contains a cross-site scripting vulnerability. Naohiko Tsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3 CVSS | 6 AI score | 0.00295 EPSS
Exploits 0 | References 6
Prion
added 2012/10/24 5:55 p.m. | 16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...

6.8 CVSS | 6.6 AI score | 0.01308 EPSS
Exploits 6 | References 6 | Affected Software 1
securityvulns
added 2012/10/22 12:0 a.m. | 103 views

Multiple vulnerabilities in Megapolis.Portal Manager

Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's commercial CMS from Softline-IT earlier Softline, which in particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many...

0.6 AI score
Exploits 0
The Hacker News
added 2012/10/19 2:40 p.m. | 5 views

French Android Malware writer Arrested for stealing $653700

A French hacker has been arrested for spreading a virus through fake smartphone applications. Prosecutors say he stole tiny sums from 17,000 people, amassing about 500,000 euros £405,000 since 2011. Working from the basement of his parents' home in Amiens, France, he created malicious software th...

6.8 AI score
Exploits 0
Fedora
added 2012/10/18 12:22 a.m. | 8 views

[SECURITY] Fedora 16 Update: gitolite3-3.04-4.fc16

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

0.2 AI score
Exploits 0
Prion
added 2012/10/16 11:55 p.m. | 21 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

6.4 CVSS | 6.9 AI score | 0.93535 EPSS
Exploits 11 | References 8 | Affected Software 1
Cvelist
added 2012/10/16 11:0 p.m. | 26 views

CVE-2012-3153

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

6.4 AI score | 0.93535 EPSS
Exploits 11 | References 8
Vulnrichment
added 2012/10/16 11:0 p.m. | 6 views

CVE-2012-3152

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the Octob...

8.6 AI score | 0.93535 EPSS
Exploits 11 | References 11
CVE
added 2012/10/16 11:0 p.m. | 276 views

CVE-2012-3153

CVE-2012-3153 affects Oracle Fusion Middleware’s Oracle Reports Developer (11.1.1.4/11.1.1.6/11.1.2.0). It involves an unspecified vulnerability in the Reports Servlet that can compromise confidentiality and integrity via unknown vectors related to the Report Server component; the vulnerability m...

6.4 CVSS | 8.7 AI score | 0.91652 EPSS
In wild | Exploits 10 | References 8 | Affected Software 1
CVE
added 2012/10/16 11:0 p.m. | 1082 views

CVE-2012-3152

CVE-2012-3152/3153 affect Oracle Fusion Middleware’s Oracle Reports Developer component (11.1.1.4, 11.1.1.6, 11.1.2.0). An unspecified vulnerability in the Report Server/Servlet can allow remote attackers to affect confidentiality and integrity; one note indicates possible file read/upload of a ....

9.1 CVSS | 8.6 AI score | 0.93535 EPSS
In wild | Exploits 9 | References 12 | Affected Software 1
The Hacker News
added 2012/10/11 2:42 p.m. | 7 views

Firefox 16 pulled just after release to address security vulnerabilities

The latest version of Mozilla's Firefox browser has been taken offline after a security vulnerability was discovered. Mozilla's Firefox 16 web browser got its regular six-weekly update yesterday but the organisation decided to pull the browser hours after the release. The outfit claimed it became...

7 AI score
Exploits 0
Packet Storm
added 2012/10/07 12:0 a.m. | 17 views

Megapolis.Portal Manager Cross Site Scripting

Hello list! I want to warn you about multiple Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's commercial CMS from Softline-IT earlier Softline, which in particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many...

0.2 AI score
Exploits 0